Nick Baskett wrote an interesting article in it-observer about best practices when hiring an external penetration testing consultant. I hope that more and more business decision makers will apply his advices :

amazing that this nifty tool supports Server-side JS, GET, POST, uploads, Cookies, SQLite and AJAX.

OSSTMM guru Pete Herzog released today an interesting guide on social engineering assessments.

OWASP is happy to announce the first release of OWASP Pantera – Web Assessment Studio. Pantera is a mix between a pentest proxy, an application scanner, and an intelligent analysis framework. Pantera’s goal is to leave the analysis and automatic (repetitive) stuff to the engine, leaving only the important decisions to the security expert. Great [...]